The threat of cyberattacks on institutions, including healthcare, is under review after the recent WannaCry ransomware attack that impacted the UK’s National Health Service (NHS) with the US healthcare's own cybersecurity preparedness of particular concern.
A recent B2B technology report by ABI research noted a lack of awareness and complacency in the healthcare industry that stems from both inadequate data protection legislation, and a false sense of security and suggests that millions of health records have been breached here in the US since 2010.
Though the most recent cyberattack was one long forewarned by security professionals, the report looked at 455 B2B US based companies across nine vertical markets, and the healthcare sector showed the least concern regarding Internet security out of all sectors who participated in the survey.
"Cybersecurity within the healthcare sector has been traditionally poor, at best and is generally limited to box ticking as required under data protection legislation," says Michela Menting, research director at ABI Research. "A true understanding of the risks and the requirements of comprehensive, multi-layered cybersecurity implementation is sorely lacking.”
While 82% of healthcare respondents did not rank privacy and data protection as a concern, and 58% did not rank cybersecurity at all, over half of the respondents did not acknowledge any obstacles to using more technology.
A better understanding of cybersecurity legislation and guidance is key.
In its current state, ransomware will continue to threaten security in healthcare, due to the ongoing vulnerabilities in everything from patient care to hospital equipment.
"Complacency in risk mitigation is dangerous, as the WannaCry ransomware attack sadly revealed," added Menting. "Healthcare organizations should treat cybersecurity as a living process, rather than as a static checklist, especially when considering new technology adoption."